•Entity or procedure that
enforces some part of the security policy
–Access controls (like bits to prevent someone from reading a
homework file)
–Disallowing people from bringing CDs and floppy disks into a
computer facility to control what is placed on systems
Example English Policy
•Computer security policy
for academic institution
–Institution has multiple campuses, administered from central
office
–Each campus has its own administration, and unique aspects and
needs
•Authorized Use Policy
•Electronic Mail Policy
Authorized Use Policy
•Intended for one campus
(Davis) only
•Goals of campus computing
–Underlying intent
•Procedural enforcement
mechanisms
–Warnings
–Denial of computer access
–Disciplinary action up to and including expulsion
•Written informally, aimed
at user community
Electronic Mail Policy
•Systemwide, not just one campus
•Three parts
–Summary
–Full policy
–Interpretation at the campus
No comments:
Post a Comment